Solved

Exchange 2010 errors communicating with Domain Controllers

Posted on 2013-06-11
6
384 Views
Last Modified: 2013-08-11
I have three Hyper-V Servers all on one physical machine,
1. Domain Controller 1 running WIndows 2012
2. Domain Controller 2 Running Windows 2012
3. Exchange 2010 running Windows 2008 R2

after a few months running just fine, suddenly the Exchange server is complaining it cannot find the DC's.

I get the Application Error logs saying Event ID 2604 MSExchangeADAccess
Eventi ID 2103, 2114, and 2102.

I already looked at the Default Domain Security settings where you make sure it is the Local Domain Controllers policy and not just the Local Domain policy.

Then I reboot and it seems fine...for awhile. Any ideas?
0
Comment
Question by:garyoh
  • 4
  • 2
6 Comments
 
LVL 13

Expert Comment

by:Jaihunt
ID: 39236969
Hi

Did you check any DNS issues in the DC's. Check Network issues also. What is the primary and secondary DNS settings for the DC's.

Thanks
  Jai
0
 

Author Comment

by:garyoh
ID: 39238372
For the dc's, I have each one pointing to itself first and to the other second.
I did have a strange thing when I pinged the dc's from the exchange box by name: it pinged the IP v6 address and all boxes now have IP v6 disabled in the net adapter properties. Should I have IP  v6 on? I also see IP v6 entries in the DNS tables on both dc's. also when I run dcdiag, I do get some errors about replication. Should I have IP v6 all on or all off? And, if all off, should I manually delete all IP v6 entries in the DNS tables? Just curious.
0
 
LVL 13

Expert Comment

by:Jaihunt
ID: 39238397
Disable the IPv6 and remove the entries also make sure you are able to resolve the dc from exchange. what replication errors you get from DC
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:garyoh
ID: 39238597
I did mention these are all Hyper-V instances on a single physical server, right? I don't know if that matters or not. I would not think so.

When I tried to ping the dc's from the exchange server, I get this:
Pinging DC2012-1.mydomain.local from [ipv6 address] with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.
ping statistics for [ipv6 address]:
sent=4, received = 0

when I run "dcdiag /s:DC2012-1", I get errors here:
"NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes in Filtered Set access rights for the naming context:
...all the DC stuff here"

That's it.

I did go into the DNS servers and remove the ip v6 entries from there except for two which are these:
in forward Look zones --> mydomain.local --> there is a "(same as parent folder) IPv6 (AAAA) [IPv6 Address] and a date"
Should those get deleted as well?

Thanks for your help
0
 

Accepted Solution

by:
garyoh earned 0 total points
ID: 39386549
We called Microsoft Tech Support and got them involved. The solution was completed by a Tech there with one of my techs. Unfortunately, I have no input on the final solution. Sorry.
0
 

Author Closing Comment

by:garyoh
ID: 39399511
No solution was provided except by MS.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Suggested Solutions

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now